The CyberWire Daily Briefing 01.10.13

Cyber Trends

Expect Less Targeting From This Year's Targeted Attacks (Dark Reading) Broader spearphishing campaigns and watering-hole attacks look to compromise and gather intelligence on broader classes of targets. In the final days of 2012, a group of attackers used exploits for a zero-day vulnerability in Internet Explorer to attempt to exploit the machines of visitors to the Council on Foreign Relations website. The strategy, known as a watering hole attack, looks to compromise the systems of individuals with certain interests or who work in specific fields by launching drive-by attacks from websites that cater to those fields

Zero Day Initiative Identifies Vulnerability Trends (eSecurity Planet) HP TippingPoint's Zero Day Initiative (ZDI), which year-round pays researchers for responsible disclosure of security flaws and sponsors events like Pwn2Own, enjoys a vantage view into the state of security research

10 Unimaginable Facts on How The Internet Really Works (Siliconindia.com) And 7 percent purchased goods from an auction site, according to research by the National Cyber Security Alliance (NCSA) and antivirus vendor McAfee

5 Decisive Security Trends in 2013 (Siliconindia.com) This trend will continue in 2013 and there will be a huge rise in the number of hackers who can futile malware analysis and order for another successful

BYOD enterprise security focus moving from devices to apps (Fierce Mobile IT) The increasing frequency of data breaches resulting from companies allowing employees to bring their own devices to work are a result of poor BYOD policies and lack of technology to implement those policies, according a panel at the 2013 Consumer Electronics Show being held in Las Vegas this week

Verizon CEO: Widespread LTE deployment enables M2M communications to 'come to fruition' (Fierce Mobile IT) The widespread deployment of 4G LTE networks has enabled machine-to-machine communications "to come to fruition on a big scale," Lowell McAdam, Verizon's (NYSE: VZ) chief executive officer, told an audience on Tuesday at the 2013 Consumer Electronics Show

Legislation, Policy and Regulation

App developers, here are 23 pages of suggestions from CA's new privacy cops (Ars Technica) Report is designed to complement law mandating mobile privacy policies

Government Unable to Define 'Homeland Security' (Wired Trheat Level) What is "homeland security?" The federal bureaucracy doesn't know, and that's problematic for a government that has been fighting the ill-defined "war on terror" following 9/11, according to a Wednesday report from the Congressional Research Service. In short, "homeland security

Dutch government introduces disclosure guidelines for white hat hackers (The Verge) The Netherlands last week released official guidelines on "hacktivism," as part of an attempt to encourage white hat hackers to responsibly disclose security flaws. The framework, published Thursday, establishes a formal procedure for ethical hackers to follow when reporting IT vulnerabilities, standing in stark contrast to the more fragmented means by which security holes are typically publicized."Persons who report an IT vulnerability have an important social responsibility," the Netherlands' National Cyber Security Center (NCSC) said in a release. The NCSC added that some hackers may be reluctant to directly notify an organization after discovering a security flaw, choosing instead to anonymously go public online or via other media forums

America's CEOs Call For 'More Intelligent, More Effective Cybersecurity Protection' (Dark Reading) With the Administration and Congress poised to act, the CEOs of America's leading companies today laid out a strategy to protect U.S. economic and national security from growing global cybersecurity threats. The CEOs whose companies invest heavily to protect the networks their businesses rely on outline their plan for developing a more modern, flexible and collaborative approach to protecting America's strategic information assets in the new Business Roundtable (BRT) report, "More Intelligent, More Effective Cybersecurity Protection.""Safeguarding America's strategic information systems, most of which are privately owned and operated, is a top priority for U.S. business," said Ajay Banga, President and CEO of MasterCard Worldwide, and Chair of the BRT Information and Technology Committee. "But, to counter growing threats, we need intelligence and tools from government that only government can provide

Anonymous Asks US President to Make DDOS Attacks a Legal Form of Protesting (Softpedia) In a petition submitted to the White Houses We the People website, Anonymous hacktivists are asking the Obama administration to make distributed denial-of-service (DDOS) attacks a legal form of protesting. With the advance in internet techonology, comes new grounds for protesting. Distributed denial-of-service (DDoS), is not any form of hacking in any way

The Routing Security Battles Intensify (InternetGovernance) An important debate about the implications of BGPSEC - a new protocol that would use a hierarchical Resource Public Key Infrastructure (RPKI) to validate and secure Internet route announcements is taking place in the IETFs Secure Inter-domain Routing (SIDR) Working Group. Its a highly technical discussion, but its significance for Internet governance is profound. It is orders of magnitude more important than the silly tiff over whether a reference to bulk electronic communications in the ITUs International Telecommunication Regulations would lead to an authoritarian takeover of the Internet

How expats in China stay ahead of the internet censors (Quartz) The end seemed near in recent weeks for a number of expatriates in China. Not because of the Mayan apocalypse, which many Chinese actually believed would come on Dec. 21, but rather because the "Great Firewall", China's vast internet censorship system, had become adept at blocking some bypass services used to access corporate networks as well as forbidden sites such as Facebook and Twitter. One US newspaper correspondent in Beijing managed to warn on Twitter that news bureaus would relocate to Tokyo if China didn't back off

Products, Services, and Solutions

Comodo Launches Internet Security 2013 (Dark Reading) CIS 2013 protects computers against viruses and malware. Comodo, one of the leading certificate authorities and Internet security organizations, recently announced the release of its Internet Security 2013 software. Comodo Internet Security 2013 (CIS 2013) delivers malware prevention that is unmatched in the industry and backed by Comodo's $500 Virus-Free Guarantee, an industry first

Clarity Services, Inc. Announces Partnership With iovation Inc. (Dark Reading) Companies will work together on advanced fraud prevention. Clarity Services, Inc., the leading real-time credit bureau providing fraud detection and credit risk management solutions for Middle America announces its partnership with iovation Inc., the leader in device-based fraud and abuse management tools with intelligence on more than one billion devices worldwide

VISA Phases Out the Account Data Compromise Recovery (ADCR) Process and Implements the Global Compromised Account Recovery (GCAR) Program (Information Law Group) In October 2012, VISA quietly released new operating regulations which retroactively phased out VISA's Account Data Compromise Recovery (ADCR) Process, and replaced it with the Global Compromised Account Recovery (GCAR) Program (see page 802 of VISA's operating regulations for a full description of GCAR). For those that have not dealt with the ADCR, it is a program that VISA used to assess fraud recovery and operating expense recovery amounts on acquiring banks whose merchants suffered certain payment card security breaches (Mastercard, Discover and AMEX all have similar programs). Via various merchant agreements, those costs are typically passed on to the merchant that suffered the breach.

Apple acts against 'bait-and-switch' scammers in the App Store (Naked Security) Apple announced today, in a short-and-sweet announcement in its developer news feed, that the bait-and-switch of software screenshots in the App Store will no longer be allowed. Cupertino's finest didn't actually use the words "bait-and-switch", of course. They said:Beginning January 9, app screenshots will be locked in iTunes Connect once your app has been approved

Apple refuses to make the one mobile device taking over the world—but not for long (Quartz) One category of mobile device will blow away all others in the pace of its growth, expanding 70% in each of the next three years and yielding a $135 billion market by the end of 2015. Vendors will move 142 million units of this device in 2013 and up to 402 million by 2015, project analysts at Barclays. That's more than three times the number of iPhones sold in 2012. And, oh yeah, Apple doesn't make one of these. It's called a phablet. As in, an extra-large phone that's almost as big as a tablet, combining aspects of both

Dell SecureWorks launches new VMS and WAS service for cloud (Equities.com) Dell SecureWorks, a provider of information security services, has launched a new vulnerability management service, or VMS, and a new web application scanning, or WAS, service for the cloud and virtual environments

ALi Corporation Integrates Cryptography Research CryptoFirewall Security Core (Fort Mills Times) Cryptography Research, Inc. (CRI), a division of Rambus Inc. (NASDAQ:RMBS) and ALi Corporation (3041 TT), a leading provider of set-top box (STB) system-on-chip (SoC) solutions, today announced that ALi has completed integration of the CRI

8 Key Changes In Microsoft SharePoint 2013 (InformationWeek) Microsoft's popular collaboration platform gets a significant revamp with SharePoint 2013. Here's what you gain

Technologies, Techniques, and Standards

Single Sign-On Mythbusting (Dark Reading) SSO is not an IAM or security cure-all, but it isn't a security killer either. It's no secret that single sign-on (SSO) has been hunted down for years like a mythical identity management treasure--get it right and all those identity and access management (IAM) woes are cured, right? Well, not exactly, say experts

Six Security Services Every Small Business Must Have (Dark Reading) A look at managed services for small and midsize businesses, and how to choose the ones that work for your organization

How Well Do You Know Your Data? (Dark Reading) The more you know about your data, the more effectively you can protect it

Media Screening Can Help to Avoid Brand Damage Through a Bad Hire (ERE) We are all familiar with the story of the Yahoo CEO who took on his role in early 2012, only to be dismissed when stories arose that he padded his resume with an embellished college degree. Many executive screening packages only look at qualifications, work history, education, and public records, that can result in "misses" like the one above

Shodan Search Engine Project Enumerates Internet-Facing Critical Infrastructure Devices (Threatpost) Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget. That's mostly what comprises the arsenal of two critical infrastructure protection specialists who have spent close to nine months trying to paint a picture of the number of Internet-facing devices linked to critical infrastructure in the United States

Amplified Cyber Security Defends Small Business Smartphones (Technorati) Although exploitation of personal data, business contacts or other saved information on smartphones hasnt been compromised yet this year, its expected that 2013 finally will produce cyber theft through cellular phones, especially since mobile wallets which warehouse payment information provide an easy target for data shysters. CNN Money reports vulnerable smartphones with NFC chip technology (Near Field Communication) meant for wireless payment processing will prove most vulnerable to prowlers since interception of signals through RFID would be rather simplistic. Preparing your small business, especially if accepting mobile payments, should highly interest everyone starting off with common sense tactics

Blunting the Cyber Threat to Business (Wall Street Journal) n September, the customer websites of Bank of America, Wells Fargo, US Bank, J.P. Morgan Chase and PNC were rendered inaccessible for more than a day by the biggest cyberattack in history, now attributed to Iranian government hackers. Weeks before, online vandals breached security at LinkedIn, stealing the passwords of six million people who frequent the popular business-networking site. Whether companies are the victims of state-sponsored invasions or criminal attacks, one of the scariest threats facing businesses today is hackingand the possible wholesale theft of proprietary data and personal information about customers and employees

Data security tips for healthcare organizations (Help Net Security) It's that time of year when everyone wants to be healthier. Eat better. Lose weight. Manage stress. Save money. These rank as peoples' top New Year's resolutions. The same holds true for healthcare

Much about social media in disasters remains unknown, unprobed (Fierce Government IT) The available research on social media use during disasters fails to account for the type of social media, says a report from the National Consortium for the Study of Terrorism and Responses to Terrorism

Library of Congress grapples with problem of making Twitter archive accessible (Fierce Government IT) Working with Twitter, the Library of Congress has created an archive of approximately 170 billion tweets organized by date, says an LOC report released this month. Now, the technological challenge is how to make the archive accessible to researchers and policymakers in a comprehensive and useful way

Marketplace

Maryland among the nation's leaders in cybersecurity jobs (Maryland Department of Business and Economic Development) CyberMaryland study highlights opportunities in Maryland's cyber sector. Governor Martin O'Malley today announced that Maryland ranks among the nation's leaders in cybersecurity jobs, according to the Cyber Jobs Report. The study searched approximately 340,000 cybersecurity jobs offered by more than 18,000 companies across the country and found that Maryland had 19,413 job openings in the industry. With more than 13,000 of these job openings located in Baltimore City, the city placed third among major cyber hot beds, behind only Palo Alto, Calif., and San Francisco in the number of available cybersecurity positions

NTIA: FirstNet grant criteria coming in early 2013 (Fierce Government IT) Federal requirements for state and local participation in a $135 million grant program that will support rollout of the national broadband public safety network should be finalized in the coming months, says the National Telecommunications and Information Administration

Budget Cut Likely To Hit Most Pentagon Civilian Workers: Analyst (Reuters) Almost all of the Pentagon's nearly 800,000 civilian employees would likely have to be placed on unpaid leave for a month this year if automatic defense spending cuts go into effect in March as now planned, a top defense budget analyst said on Wednesday

Defence minister: UK is well prepared for a cyber attack (ITN) His comments came after MPs warned the armed forces are now so dependent on information technology that their ability to operate could be "fatally compromised" by a sustained cyber attack. The Commons Defence Committee said the cyber threat to UK

Rand: Navy must hasten cyber defense acquisitions (Fierce Government IT) The Navy needs a new Defense Department-approved acquisition process for cybersecurity, not just a revised version of existing procedures, says the Rand Corp. in a report commissioned by the DoD

GSA negotiates federal terms of service with Pinterest (Fierce Government IT) Federal agencies can join the legion of amateur cooks and interior designers in posting photos to Pinterest now that the social media site has added federally friendly terms of service, the General Services Administration announced Jan. 8

SAIC to Provide Army Biometrics Software Engineering (The New New Internet) Science Applications International Corp. (NYSE: SAI) has won a $73 million task order to provide the U.S. Army software engineering maintenance and management services for a biometrics collection system

Prolexic Selected by PayPro Global for DDoS Mitigation (Equities.com) Prolexic, the global leader in distributed denial of service (DDoS) ... results in repelling cyber-attacks," said Matthew Silverman, CEO of PayPro Global

ManTech Gains Prime on $4B CMS IDIQ Through ALTA Buy (Govconwire) ManTech International (NASDAQ: MANT) has acquired information technology and professional services company firm ALTA Systems for an undisclosed amount. ManTech said it used available cash to finance the acquisition and does not expect the transaction to affect its 2013 financial results

Security Firm FireEye Raises Extra $50M, Says It's Preparing Ground For IPO (TechCrunch) Security company FireEye has announced it has raised an additional $50 million in venture funding, bringing its total funding to-date to more than $100 million. The new funding comes from new and existing investors — including Sequoia Capital, Norwest Venture Partners, Goldman Sachs, Juniper Networks, Silicon Valley Bank, and other

Report: DOJ Could Approve DigitalGlobe-GeoEye Merger This Month (Govconwire) The proposed $900 million cash-and-stock merger between DigitalGlobe (NYSE: DGI) and GeoEye (NASDAQ: GEOY) is expected to receive regulatory approval later this month, Reuters reports. Andrea Shalal-Esa and Diane Bartz report the U.S. Justice Department could wrap up its review of the transaction by mid-January but could delay action after William Baer was sworn in January

Software AG SAP Business Acquired by Software Provider itelligence (Govconwire) Software AG's SAP-based business in North America has been bought by software systems provider itelligence for an undisclosed sum in an attempt to penetrate the Canadian market and expand itelligence's U.S. customer base. The two companies expect to finalize the transaction on Jan. 16, Cincinnati, Ohio-based itelligence said in a statement. A new itelligence branch will also

SafeNet Names BMC Vet Michael Branca CFO (Govconwire) Baltimore-based information security firm SafeNet has appointed BMC Software (NASDAQ: BMC) veteran Michael Branca chief financial officer, effective immediately. The company said he will report to Dave Hansen, president and CEO, and succeed Greg Rapas, who served as interim CFO since June 2012 after Charles Neral left the company. Rapas will continue serving as vice

Sotera Promotes Rick White to CIO (Govconwire) Sotera Defense Solutions has promoted Rick White, previously vice president and solutions architect, to serve as chief information officer. The company said Wednesday White will be responsible for developing and implementing information technology offerings aimed at helping customers fulfill information- and technology-related missions. John Hillen, president and CEO, said White will lead efforts to establish

ASRC Federal Promotes Finance VP Chuck Hicks to SVP (Govconwire) ASRC Federal has promoted Vice President Charles "Chuck" Hicks to senior VP of finance and business operations, the company said Wednesday. Hicks will be responsible for overseeing and managing the company's activities in finance, pricing, government accounting, compliance and program control. He joined the Greenbelt, Md.-based federal contractor as VP for finance and business operations

Lockheed CTO Ray Johnson to Lead Operations, Program Mgmt in Reorganization (Govconwire) Lockheed Martin (NYSE: LMT) has placed operations and program management functions into the corporate engineering and technology organization led by Chief Technology Officer Ray Johnson, the Washington Business Journal reports. According to Jill Aitoro, CEO Marillyn Hewson is consolidating corporate functions that report to her at the Bethesda, Md. headquarters. Bruce Tanner, chief financial officer

TASC Names VeriSign Vet Rick Howard Info Security Lead (Govconwire) TASC has appointed Rick Howard, formerly a general manager of a VeriSign cybersecurity intelligence business unit, to serve as chief information security officer. TASC said Howard will be responsible for leading development of a strategy, technical roadmap and security architecture for the company's information security approach. Howard will focus on the company's information infrastructure and

Fort Meade Alliance extends mentorship application deadline (Capital Gazette) The Fort Meade Alliance has extended the application deadline to Friday for its Meade Business Connect Mentorship Program, a 12-session program designed to help companies understand and navigate the government-contracting environment at Fort George G. Meade

Research and Development

Stylometric analysis to track anonymous users in the underground (Security Affairs) Law enforcement and intelligence agencies conscious of the high risks related to cyber threats have started massive monitoring campaign, everything must be controlled to avoid unpleasant surprises. The trend is shared by every governments of the planet, intelligence agencies are making great investments in term of money and resources to define new methods and to develop new tools for monitoring of social media. One of the most interesting source of information is represented by underground forums, places in the cyberspace where is possible to discuss of every kind of subject and where it is possible to acquire/rent any kind of illegitimate software or service to conduct a cyber attacks

Security Patches, Mitigations, and Software Updates

Researchers: Microsoft will pull trigger on emergency IE patch (IT Wolrd) Microsoft will issue an emergency update to patch a vulnerability in Internet Explorer in the next two weeks to fix a flaw criminals have been using for more than a month, researchers said

Ho-Hum Patch Tuesday Missing IE Zero-Day Fix (NewsFactor Network) This Patch Tuesday may be average, but that doesn't mean it'll be an easy one for IT. There are a lot of restarts and they affect nearly all Windows operating systems. That's what security analyst Paul Henry told us. He also found it interesting, but

Cyber Attacks, Threats, and Vulnerabilities

Incapsula Uncovers Botnet Used in Bank DDoS Attacks (Security Week) It all started when Incapsula's security team detected an abnormal number of security events involving a new client's website, according to the company's blog. When Incapsula intercepted the requests, it discovered numerous requests with encoded PHP code payload operating a backdoor to the client's site, Incapsula found. The attackers were using the backdoor to use the small UK-based general-interest website as a bot taking part in a DDoS attack, Incapsula found

U.S. Bank Hack Attack Techniques Identified (InformationWeek) Security researchers detail how poorly secured, hosted servers helped launch botnet-based attacks; U.S. government continues to blame Iran

Bank DDoS Attacks Employ Web Servers As Weapons (Dark Reading) The recent wave of distributed denial-of-service (DDoS) attacks against U.S. banks is yet another entry on the list of examples of DDoS being used as a tool for protest. But the latest spate of attacks attributed to the hacker group Izz ad-Din al-Qassam used an increasingly popular tactic: turning a compromised Web server into a weapon."Web servers have become the weapon of choice for DDoS attacks," says Marc Gaffan, co-founder and vice president of new business and marketing at Incapsula. "They have significantly more computing and networking capacity than a home PC and can cause havoc when used to launch DDoS attacks

Cyber Security Expert on Bank Hack Attacks (Fox Business) Carl Herberger of Security Solutions for Radware on Iran's role in cyber attacks on banks

Cyber attack hits Fifth Third Bank - Bank responds to reports of security breach via twitter (ClickOnDetroit) Customers of Fifth Third Bank may have noticed some trouble with the company's website on Tuesday, January 8th. The bank says it was the victim of a cyber attack. This particular type of attack is known as a "denial of service", which creates a connectivity issues for users.

Because no money was stolen, officials believe it was a coordinated attack (Daily Mail) Iran blamed for massive cyber attack on U.S. banks data centers as 'puppet hacking group' says they did it because the anti-Mohammed movie is still on the internet. American banks targeted in string of disruptive hacking attacks; Because no money was

Iran's Real Life Cyberwar (Security Tube) The recent Stuxnet, Flame and CA compromises involving Comodo and DigiNotar had three common elements, each was government sponsored, each involved Iran and all three involved a PKI compromise. The presenter will share experience of dealing with the Iranian attack, highlighting the ways in which government sponsored attacks are very different from both 'ordinary' criminal attacks and the Hollywood view of 'cyberwarfare'

Turkey's Council of Higher Education Hacked by RedHack, 60,000 Documents Leaked (Softpedia) The notorious RedHack collective has breached the systems of Turkeys Council of Higher Education (YK), leaking a total of more than 60,000 documents apparently related to corruption investigations that target universities. The hacktivists say they've found cases of corruption at various educational institutions, including Istanbul University, the Uluda University in Bursa, Marmara University, and Ukurova University. Some of the documents includes claims of banks buying luxurious vehicles for university rectors in exchange for them agreeing to deposit university tuition fees at the particular bank, the hackers said about the Istanbul University in their latest press release

MSU hit with cyber attack (Starkville Daily News) Mississippi State University was the target of a cyber-attack on one of the university's servers, but a preliminary investigation indicates that no secure data was lost in the incident. At approximately 8 a.m. Wednesday (Jan. 9), the website Hack Read

Cool, BlackHole Exploit Kits Created by Same Hacker (Threatpost) If the relatively cheap, easily available, and totally reliable Blackhole exploit kit is the Toyota Camry of exploit kits, then the Cool exploit kit is the Lexus LS: both kits are reportedly developed by the same crew, but the latter is astronomically more expensive and presumably loaded with better features

A message from Anonymous Africa (Cyberwarzone) A new video has appeared on YouTube. This Anonymous video has an message from Anonymous Africa. It seems that the Anonymous initiative is setting its course to the rescue of the African continent

Hack turns the Cisco phone on your desk into a remote bugging device (Ars Technica) Internet phones sold by Cisco Systems are vulnerable to stealthy hacks that turn them into remote bugging devices that eavesdrop on private calls and nearby conversations. The networking giant warned of the vulnerability on Wednesday, almost two weeks after a security expert demonstrated how people with physical access to the phones could cause them to execute malicious code. Cisco plans to release a stop-gap software patch later this month for the weakness, which affects several models in the CiscoUnified IP Phone 7900 series. The vulnerability can also be exploited remotely over corporate networks, although Cisco has issued work-arounds to make those hacks more difficult

Academia

Educational Value of Competition: How Cyber Defense Competition Prepares Students for Careers (Bank Info Security) Does cyber defense competition help prepare college students for real-world jobs in information security and risk management? Dan Likarish and Rick Cisneros of Regis University say yes. Here's why. Regis University, based in Colorado, is the Rocky Mountain regional host of the National Collegiate Cyber Defense Competition, an annual contest that gives information assurance students a chance to compete with their peers in an exercise designed to test their abilities to manage and secure a corporate information system

HIPAA 101: Universities Use Office 365 To Meet Regs (InformationWeek) Federal healthcare privacy requirements don't apply only to medical institutions -- schools that maintain student health records must also comply with HIPAA law

Litigation, Investigation, and Enforcement

Eleven UK government employees sacked over social media use at work! (Naked Security) The UK's Guardian newspaper laid into the government's Department for Work and Pensions (DWP) yesterday with a story provocatively entitled Eleven work and pensions civil servants sacked for using Twitter or Facebook. The left-leaning Grauniad even booms forth words from the mouth of a representative of right-leaning think tank Parliament Street, who thunders that "in a social media age, it beggars belief that employees are being banned from using sites like Twitter and Facebook in the workplace

Police Arrest Alleged ZeuS Botmaster 'bx1' (Krebs on Security) A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed bx1, a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan. As reported by The Bangkok Post, 24-year-old Hamza Bendelladj, an Algerian national, was detained this weekend at Bangkoks Suvarnnabhumi airport, as he was in transit from Malaysia to Egypt. This young man captured news media attention when he was brought out in front of Thai television cameras handcuffed but smiling broadly, despite being blamed by the FBI for hacking into customer accounts at 217 financial institutions worldwide

New Evidence Expected In WikiLeaks Case (New York Times) Military prosecutors preparing to try Pfc. Bradley Manning said on Wednesday that they would introduce evidence that Osama bin Laden requested and received from a Qaeda member some of the State Department cables and military reports that Private Manning is accused of passing to WikiLeaks